Cisco: Older Webex apps can let malicious code in
Two versions of the Webex client can execute commands hidden in URLs when a link is opened. This affects all operating systems, says Cisco.
Anyone using version 44.6 or 44.7 of the client for Cisco's Webex conferencing software should update urgently. These versions, regardless of operating system, contain a faulty URL parser. According to the manufacturer, this can allow executable files to be downloaded via a crafted invitation link to a Webex conference.
These files then run with all of the user's rights. It is not clear from Cisco's announcement whether any operating system protection mechanisms remain active. The preliminary CVE classification of the vulnerability rates the risk as "High", with a score of 8.8 out of 10 points. There is no workaround.
Only the Webex client versions mentioned at the beginning are affected; according to Cisco, version 44.5 and earlier versions are not. As of version 44.8, the clients should no longer have the vulnerability. Cisco did not disclose how the flaw came about or why it occurs only in 44.6 and 44.7. The fixed, current version 44.8 is available on the Cisco download pages.
(nie)